Advances within Internet technologies have spawned new mechanisms of data, voice, and video communication including Internet Protocol (IP) telephony, which is a quickly developing field of telecommunications. However, the Internet is faced with two significant obstacles to fast, yet secure, communications. The first obstacle is usable bandwidth. Bandwidth affects the rate at which data can be transferred. The second obstacle pertains to security. The Internet does not provide a direct point-to-point connection between computers. Rather, it is a global system of interconnected computer networks that use the standard Internet protocol suite (often called TCP/IP, although not all applications use TCP) for the purpose of communicating between computers or other IP devices. As such, there is increased opportunity for eavesdropping on data, voice, or video transmissions over the Internet. Voice security is particularly desirable for VoIP connections over an IP network.
U.S. Pat. No. 7,747,013 by Dilkie et al. and assigned to Mitel Networks Corporation (referred to hereinafter as the '013 patent), addresses security issues with respect to VoIP telephone calls. Typically, a call signaling channel is secured by using Transport Layer Security (TLS), Secure Sockets Layer (SSL), or IP Security Protocol (IPSec) on a secure well-known port. These approaches, however, suffer from delays in call setup time, complex handshaking procedures, and significant protocol overhead. In particular, in order to properly advise both endpoints in a communication system as to how to encrypt a voice packet, media signaling must carry the appropriate security information for negotiation requirements. Unfortunately, the delay of the signaling path relative to the established voice path can result in some undesirable side effects.
Also, some VoIP implementations do not prevent signaling information from being viewed by unscrupulous computer hackers on the IP network used for VoIP calls. In some instances, when a SETUP message is sent over the IP network, the calling name and calling number are visible to sniffers or other such tools used on the Internet. To overcome this, voice packets are encrypted at a source and decrypted at the destination in order that a third party cannot eavesdrop on the conversation.
Therefore, the '013 patent sets forth an early detection system and method for encrypted signals in packet networks to address the race condition that can be created between simultaneous media and security negotiation. Typically, the media path negotiation finishes first while the security negotiation may take several hundred milliseconds longer. This is especially true when security has to be negotiated through several network devices such as session border gateways, switches, etc. The delay in completing the security negotiation can cause a significant and noticeable delay in the cut through of voice or other media streams on the negotiated connection. This delay is at the very least inconvenient and in some cases unacceptable to users.
According to the '013 patent, a transmitter places an indication in the first portion (one or a few packets) of the voice or media stream that is used by a cooperating receiver to determine if the stream is either unencrypted or uses a single type of encryption cipher. The receiver determines: a) whether the stream comes from a cooperating sender and b) whether it is unencrypted or encrypted in the expected format (i.e. using the expected cipher). Thus, the receiver disclosed in the '013 patent can provide early cut through in a network that contains both cooperating and non-cooperating transmitters while eliminating the risk of unacceptable audio and delay.
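The receiver-side decision described above can be sketched as follows. This is an added illustration, not code from the '013 patent or from Mitel: the marker bytes, the number of probe packets, the function names, and the SHA-256 keystream used as a stand-in cipher are all assumptions, since this page does not describe the patent's actual encoding.

```python
import hashlib
from enum import Enum

MARKER = b"EARLYDET"   # assumed known pattern carried in the first packets (hypothetical)
PROBE_PACKETS = 3      # assumed number of leading packets that carry the marker

class Verdict(Enum):
    PLAINTEXT = "cooperating sender, unencrypted"
    ENCRYPTED = "cooperating sender, expected cipher"
    UNKNOWN = "non-cooperating sender or unexpected cipher"

def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only."""
    out, block = bytearray(), 0
    while len(out) < len(data):
        out += hashlib.sha256(key + seq.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))

def send(payload: bytes, seq: int, key: bytes = None) -> bytes:
    """Cooperating sender: prefix the marker on the first packets, then optionally encrypt."""
    body = (MARKER if seq < PROBE_PACKETS else b"") + payload
    return keystream_xor(key, seq, body) if key else body

def classify(packets, key: bytes) -> Verdict:
    """Receiver: inspect the leading (seq, bytes) packets before signaling has finished."""
    verdicts = set()
    for seq, pkt in packets[:PROBE_PACKETS]:
        if pkt.startswith(MARKER):
            verdicts.add(Verdict.PLAINTEXT)
        elif keystream_xor(key, seq, pkt).startswith(MARKER):
            verdicts.add(Verdict.ENCRYPTED)
        else:
            verdicts.add(Verdict.UNKNOWN)
    # Cut through early only on a consistent verdict; otherwise wait for signaling.
    return verdicts.pop() if len(verdicts) == 1 else Verdict.UNKNOWN
```

An empty or inconsistent probe window yields `Verdict.UNKNOWN`, so a stream from a non-cooperating transmitter is held until the security negotiation completes rather than being played as noise.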
Reference will now be made to the exemplary embodiments illustrated, and specific language will be used herein to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended.